Okta Integration Guide: Using Okta with Google Cloud Platform


Okta Integration Guide
Using Okta with Google Cloud Platform
V 1.1, April 2019

Okta Inc.
100 First Street
San Francisco, CA 94105
info@okta.com
1-888-722-7871

Okta / Google Cloud Platform Integration Guide

Table of Contents

Integration Overview
    Using Okta with Google Cloud Platform
    Set Up
        Set up a G Suite instance
        Set up a GCP instance
        Connect Okta to your G Suite instance
Testing the Set Up
    Create a new user in Okta
    Create a new group in Okta
    Assign the new user to the new group
    Assign the G Suite application to the group
    Test the end-user login (G Suite)
    Assign role(s) to user (GCP)
    Test the end-user login (GCP)

Integration Overview

Using Okta with Google Cloud Platform

Okta integrates with Google Cloud Platform so that GCP users can SSO from Okta into their GCP accounts with the same security and ease-of-use that they get when they SSO from Okta into their G Suite accounts. GCP administrators can use Okta to automatically create and deactivate GCP users (and their licenses), and also use GCP IAM to assign roles to groups imported from Okta.

If you want, you can follow along with the setup instructions below using a basic G Suite instance, a free trial instance of GCP, and a free trial edition of Okta (please note that this setup will not work with the developer edition of Okta).

Set Up

The essential steps to connecting your Okta instance with your GCP instance are:

1. Set up a G Suite instance
   a. G Suite essentially acts as GCP’s identity layer in this federation scenario.
2. Set up a GCP instance
   a. Set up the GCP instance with the same organization and domain that you set up with G Suite.
3. Connect Okta to your G Suite instance
   a. Okta has step-by-step instructions in the Okta UI to connect to G Suite.
   b. SSO: enable Okta users to SSO into G Suite and GCP.
   c. Provisioning: allow Okta to create (and deactivate) users (and licenses) in G Suite and GCP.
   d. Push groups: allow Okta to create groups in G Suite and GCP.

Set up a G Suite instance

Set up a G Suite instance; a trial instance is fine.
Make sure you verify the domain that is associated with the G Suite instance.
Make sure that API Access is enabled for G Suite: Security > API Reference > API Access.

Set up a GCP instance

Set up a GCP instance, using the same super-admin account that you used in setting up G Suite.
Make sure that you have an “organization” associated with your GCP instance. To see if you have an organization associated with your GCP instance, click on the Projects drop-down list at the top of the panel:

You should see a “Select From” drop-down with your domain name.
If you don’t see the “Select from” drop-down and your domain, then you do not yet have an organization associated with your GCP account.
If you’ve just spun up this instance or are using a free trial, make sure that you have upgraded the free trial: there is usually a banner at the top of the GCP admin panel letting you know that you have $300 in free credit for 12 months. Click on “upgrade” to enable this. You may need to log out and log back in after you upgrade for the change to take effect.
You may need to assign an “Organization administrator” role to a user in the tenant. Google does not recommend making the G Suite super admin also the GCP super admin, but for PoC purposes, this is fine. Follow the instructions here to assign the organization administrator role.

Connect Okta to your G Suite instance

In your Okta tenant, go to Applications > Applications and click “Add Application”.
Search for “G Suite”.
Follow the setup wizard in the Okta UI to enable SSO to G Suite.
Choose SAML 2.0 as your Sign-On Method, and click View Setup Instructions to set up G Suite.
Note: the Single Sign-On setup screen in Google can be erratic. You may need to refresh the page and re-enter the Okta settings on the page until you get to a screen that allows you to click “I understand and agree”.
After you have set up SSO, click on the Provisioning tab to set up Provisioning to G Suite.
Follow the on-screen instructions; accept all of the defaults.

Testing the Set Up

Create a new user in Okta

For the user’s login/email, make sure you use the same domain that you used in setting up G Suite.

Create a new group in Okta

Application assignments are usually done through groups in Okta, so create a new group in Okta: “devops”.

Assign the new user to the new group

In the group screen, click “Manage People”.

Assign the G Suite application to the group

In the group screen, click “Manage Apps”.
Choose the G Suite application.
When you click the Assign button, you will be presented with options to set up specific settings for this group’s relationship with G Suite.
Leave all settings as-is.
Click “Save and Go back” and then “Done”.
Make sure you do not see any errors.
At this point, the new user that you have created in Okta has been created in G Suite as well, and is also visible to GCP.

Test the end-user login (G Suite)

Log in to your Okta instance as the new user.
You should see your G Suite applications.
Click on a G Suite application (Drive, for example).

Google may present you with a license agreement.
Google may prompt you to verify an SMS message.
You should be able to see the new user’s G Drive.

Assign role(s) to user (GCP)

Users in G Suite are not immediately visible in GCP. As an admin, you must explicitly assign a role to the user to enable them to really do anything (though they will be able to authenticate in GCP without you doing anything).
To assign a role (and/or project) to a user, log in to your GCP console as an admin and click “IAM & admin”.
Click “Add” at the top of the screen to add a user.
In the “New members” box, start typing the email address of one of your G Suite users. GCP will find the user.
Assign a role to the user.

Test the end-user login (GCP)

Open a new incognito window and go to an address like the following:
https://www.google.com/a/atkobiz.com/ServiceLogin?continue=https://console.cloud.google.com
where you replace “atkobiz.com” with your own domain.
Log in as the new user and you will see that you are part of your GCP domain.
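Once Okta is pushing groups into G Suite and GCP, the IAM policy is where drift shows up: grants to individual users beside the Okta-managed group, members outside the federated domain that Okta deprovisioning will never touch, and broad basic roles. The following audit is an added example, not part of the Okta guide; it reads a constructed policy document in the JSON shape that `gcloud projects get-iam-policy PROJECT --format=json` returns, and the member addresses, the “atkobiz.com” domain and the “devops” group name are the guide’s placeholders or invented here.

```python
import json

# Constructed sample policy (not a real project); members are invented, and
# "atkobiz.com" / "devops" are the placeholder domain and group from the guide.
SAMPLE_POLICY = json.dumps({
    "version": 1,
    "etag": "BwConstructedEtag=",
    "bindings": [
        {"role": "roles/owner", "members": ["user:admin@atkobiz.com"]},
        {"role": "roles/viewer", "members": ["group:devops@atkobiz.com",
                                             "user:jdoe@atkobiz.com"]},
        {"role": "roles/editor", "members": ["user:contractor@example.net"]},
    ],
})

# Basic roles that grant far more than a pushed group usually needs.
BROAD_ROLES = {"roles/owner", "roles/editor"}


def member_domain(member):
    """'user:jdoe@atkobiz.com' -> 'atkobiz.com'; service accounts, allUsers etc. -> None."""
    kind, _, ident = member.partition(":")
    if kind not in ("user", "group") or "@" not in ident:
        return None
    return ident.rsplit("@", 1)[1].lower()


def audit_policy(policy_json, domain, okta_group):
    """Return (finding, member, role) tuples for bindings that bypass the Okta-managed path."""
    policy = json.loads(policy_json)
    group_member = f"group:{okta_group}@{domain}".lower()
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        members = [m.lower() for m in binding.get("members", [])]
        has_group = group_member in members
        for m in members:
            d = member_domain(m)
            if d is not None and d != domain.lower():
                # Identity not in the federated domain: Okta lifecycle never deactivates it.
                findings.append(("outside_domain", m, role))
            elif m.startswith("user:") and has_group:
                # Direct user grant beside the group grant: group-based assignment is drifting.
                findings.append(("direct_user_beside_group", m, role))
        if role in BROAD_ROLES:
            findings.append(("broad_role", ", ".join(members), role))
    return findings


if __name__ == "__main__":
    for finding, member, role in audit_policy(SAMPLE_POLICY, "atkobiz.com", "devops"):
        print(f"{finding:26} {role:13} {member}")
```

Run it against the real output of `gcloud projects get-iam-policy` after each Okta group push to confirm that new access arrives through the group rather than through ad hoc user grants.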
